Secure your account with two-step authentication

This page was printed on Jan 21, 2019. For the current version, visit https://help.shopify.com/en/manual/your-account/account-security/two-step-authentication.

Two-step authentication (also known as two-factor authentication) provides a more secure login process because when you (or anyone) attempts to sign in, you'll have to provide the following information:

The account password.

A single-use authorization code generated by a mobile app or an SMS text message.

This is like a cash withdrawal machine at the bank, which requires both a debit card and a personal identification number (PIN). The difference here is that you'll have to use a different authentication code every time you sign in, because an authentication code expires after it's used.

Two-step authentication can be set up for all accounts, but the account owner can't enable it for staff members. Staff members need to set it up for their own accounts.

Enabling two-step authentication

There are two different ways to retrieve authentication codes to use during login. You can either:

A new dialog window opens. Click anywhere in the box labeled SMS Delivery.

Click Next.

Under the header Phone number, enter your mobile phone number.

Click Send Code.

Check your mobile phone for an SMS text message. Retrieve the 6 digit code from the text message, and enter it in step 2 of the dialog window.

Click Confirm.

You'll be provided with a list of 10 recovery code that look like this:

Write down your recovery codes and keep them in a safe place. If you lose your mobile device, or don't have it with you one day, then using a recovery code is the only way to log in to an account that has two-step authentication enabled.

Note

Each recovery code can be used only once.

You can retrieve your recovery codes at a later date, but only if you're already logged in. To do that, read about retrieving recovery codes.

Click Set Backup Phone (optional).

Enter an alternate phone number. Only use a trusted number, like your spouse's, business partner's, or a close friend's.

Click Confirm.

Now when you try to log in, two-step authentication will require your mobile device.

Tip

The authenticator app for BlackBerry devices does not scan QR codes – we'll provide a secret key for you to enter manually.

Follow the App installation instructions from a link above carefully. Shopify support cannot help you install these third-party apps on your mobile devices. Once your app is successfully downloaded and set up, continue to Activate the feature in Shopify.

Activate an authenticator app in Shopify

Steps:

A new dialog window opens. Click anywhere in the box labeled Authenticator App.

Click Next.

Configure your authentication app by using one of the two methods provided.

To use the QR code provided, tap Scan QR code and then point your camera at the QR code on your computer screen.

To use manual entry, click Click here to display to retrieve the secret key. In your mobile app, tap Manual Entry and enter the email address of your Google Account. Then, enter the secret key on your computer screen into the box next to Key and tap Done.

Enter the six-digit code generated by the app to complete step 3 of the dialog window.

Click Confirm.

You'll be provided with a list of 10 recovery code that look like this:

Write down your recovery codes and keep them in a safe place. If you lose your mobile device, or don't have it with you one day, then using a recovery code is the only way to log in to an account that has two-step authentication enabled.

Note

Each recovery code can be used only once.

You can retrieve your recovery codes at a later date, but only if you're already logged in. To do that, read about Retrieving Recovery Codes.

Click Set Backup Phone (optional).

Enter an alternate phone number. Only use a trusted number, like your spouse's, business partner's, or a close friend's.

Click Confirm.

Now when you try to log in, two-step authentication will require your mobile device.